search

aaugustin / django-sesame

"Magic Links" - URLs with authentication tokens for one-click login
https://django-sesame.readthedocs.org/
BSD 3-Clause "New" or "Revised" License
980 stars 57 forks source link

Django admin does not log in after adding Middleware #76

Closed rokdd closed 2 years ago

rokdd commented 2 years ago

I want to achieve to log in by django-sesame and django-admin by password. The login is working with password until I add the sesame.middleware.AuthenticationMiddleware into settings. Django just says that I have the wrong password, so there is no error. My user model looks like this:

class User(AbstractUser):
    objects = UserManager()
    def __int__(self):
        return self.id
    class Meta:
        db_table='auth_user'
        pass

I could not find any ticket or issue regarding the django-admin. Do I have not seen something in the settings or what I am doing wrong?

rokdd commented 2 years ago

Found the problem myself and maybe it helps others as well: AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend','sesame.backends.ModelBackend']

adamchainz commented 2 years ago

If you'd like to consider contributing a django system check to check for this, I'd be open to reviewing it.

rokdd commented 2 years ago

Well I mean some ppl might be not like to use the Django Backend, so then in the check it would like mandatory? Or do I understand this wrong?

adamchainz commented 2 years ago

The backend is required if you are using sesame?

https://github.com/aaugustin/django-sesame#getting-started

rokdd commented 2 years ago

Sure. But the Django backend, which I was missing in my settings, is only required when you use the native login of Django somewhere.

adamchainz commented 2 years ago

Oh right, it wasn't clear from your comment that it was the Django backend you were missing, rather than sesame's.

aaugustin commented 2 years ago

Perhaps the example could be changed from the somewhat cryptic:

AUTHENTICATION_BACKENDS += ["sesame.backends.ModelBackend"]

to a more obvious:

AUTHENTICATION_BACKENDS = [
    "django.contrib.auth.backends.ModelBackend",
    "sesame.backends.ModelBackend",  # add this line
]

@rokdd Do you think you would have avoided this problem?

aaugustin commented 2 years ago

If that's clearer, then we could similarly do:

MIDDLEWARE += [
    ...,
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "sesame.middleware.AuthenticationMiddleware",  # add this line
    ...,
]

which is easier to visualize than:

The best position for sesame.middleware.AuthenticationMiddleware is just after django.contrib.auth.middleware.AuthenticationMiddleware.

rokdd commented 2 years ago

Well my problem was the backend... so I would say the snippet should change like this:

AUTHENTICATION_BACKENDS = [
 'sesame.backends.ModelBackend',
 'django.contrib.auth.backends.ModelBackend'
]
adamchainz commented 2 years ago

77 does that :)